Computer scientists at the Friedrich-Alexander University of Erlangen-Nuremberg, Germany (FAU) have demonstrated that it is possible for unauthorized parties to recover data from encrypted Android smartphones using cold boot attacks. And when they say cold, they mean it – below 10°C, to be precise.
Android has included built-in …

Re: if the phone is on and the encryption key in ram

Well, probably because it all sounded so.... "kewlllll".

But, I thought this would be more like a "chill, peel", as in freezing the phone, and then peeling back the layers of an encryption chip or component. Interesting article... Umm, I meant "kewl" article...

capacitor-based overwrite

I've always wondered why devices don't include capacitors that can power them down sensibly in the few seconds after power failure. We were always warned about suddenly depowering HDDs, but I never understood why they couldn't contain a component holding enough charge to flush the cache and park the head. And in this case, a small capacitor on the mainboard, or in the RAM module, could zero the volatile memory in a few seconds.

Re: capacitor-based overwrite

Actually super capacitors are pretty commonplace these days. You can get Farad range caps no problem. If you want to go to the extreme then look no further than KERS in F1 cars - they use capacitors to store electricity, and they get 80hp out of them.

I remember seeing a pocket radio that had a supercap instead of a battery. If they keep improving them then we may end up using supercaps instead of batteries in phones too.

Re: capacitor-based overwrite

All that is probably needed to stop that working is a little more sophistication than 'whipping the battery out and in as quick as possible'. Just holding the CPU in reset or even shorting the power rail to 0V as the supply is pulled will discharge the capacitor and stop the CPU from doing the zeroing of memory.

It adds an extra layer of protection that needs defeating but won't make a phone secure against attack. And if an attacker is after the information (rather than just fishing) they will probably be prepared to put that effort in. In fact there are almost certainly other ways to attack the phone and get a memory dump without having to freeze it so, while it's a novel attack vector, it's far from the only one.

Re: capacitor-based overwrite

IIRC higher security devices like HSMs do have something like this implemented. It doesn't just activate on power-down, it will also be triggered if someone opens the box; that's why those devices have a higher FIPS 140-2 cert than regular mobile devices.

But then HSMs are 1U rack devices, not sure if that mechanism is small enough to fit inside a phone...

Re: capacitor-based overwrite

Small capacitors exist

Intel 320 SSDs include six 470µF capacitors to write the contents of RAM to flash (unwritten user data isn't stored in RAM, but the FTL maps are). They have pretty much the same size/volume as a mobile phone, so if they fit in the SSD they can fit in a phone.

However, you don't need to do that. Just have a really tiny built in battery alongside the main removable (well in most, but not all Android phones) battery. So that if the main battery drains or is removed there is still the tiny secondary battery to do whatever is necessary for a clean shutdown.

Best of all, always zero out the RAM first thing in the boot process. I assume Android probably does this, but the use of the "fast boot" probably skips that step. Don't skip that step and make your fast boot a little slower, and this attack will be thwarted.

Of course, anyone who has your phone in their possession can freeze it and disassemble it to remove the RAM chips and read them. Not exactly a "do at home" task, so while this wouldn't allow a jealous husband to read his wife's texts, it would allow a corporate spy to snag the competition's secrets.

Unless a phone is built to be tamper proof, which AFAIK no consumer phones are, the RAM removal attack will work for any OS - assuming you can figure out where in RAM the encryption key is kept. That will be easier on Android since you have source than it would be on closed source operating systems like iOS, WP8 or BB. But once you find it, it will presumably be simple to find again on other phones of the same make. ASLR may mean the high bits are different every time, but it will be in the same location on the page each time with the same stuff around it.
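The "zero out the RAM first thing in the boot process" mitigation from the comment above, as an added example that is not code from the article, the FROST project or any commenter. It assumes a hypothetical key slot (`g_key_slot`, a constructed pattern rather than a real key) and shows the caveat a practitioner cares about: the wipe must go through volatile stores, because a plain memset on memory that is never read again is routinely optimised away and the key stays in RAM.

```c
#include <stddef.h>
#include <stdint.h>

#define KEY_LEN 32

/* Zero a RAM region through a volatile pointer so the compiler cannot
 * discard the stores as dead. A plain memset() on memory that is never
 * read again is routinely removed by dead-store elimination, which would
 * leave the key in place for exactly the cold boot scenario above. */
void scrub_region(void *buf, size_t len)
{
    volatile uint8_t *p = (volatile uint8_t *)buf;
    while (len--) {
        *p++ = 0;
    }
}

/* Returns 1 if no byte in the region is non-zero; used to verify the
 * scrub before the boot path hands the memory to the next stage. */
int region_is_clear(const void *buf, size_t len)
{
    const volatile uint8_t *p = (const volatile uint8_t *)buf;
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++) {
        acc |= p[i];
    }
    return acc == 0;
}

/* Hypothetical key slot that survived a reset, as a cold boot attack
 * assumes. early_boot_scrub() models the "first thing in the boot
 * process" step and returns 1 if the region verifies clear afterwards. */
static uint8_t g_key_slot[KEY_LEN];

int early_boot_scrub(void)
{
    scrub_region(g_key_slot, sizeof g_key_slot);
    return region_is_clear(g_key_slot, sizeof g_key_slot);
}

/* Plant a constructed pattern (not a real key) to simulate remanent key
 * material, then run the boot-time scrub. Returns 1 only if data was
 * present before the scrub and absent after it. */
int simulate_cold_boot_scrub(void)
{
    for (size_t i = 0; i < KEY_LEN; i++) {
        g_key_slot[i] = (uint8_t)(0xA5 ^ i);
    }
    int was_present = !region_is_clear(g_key_slot, KEY_LEN);
    int cleared = early_boot_scrub();
    return was_present && cleared;
}
```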

Re: capacitor-based overwrite

Is there any utility capability in these batteries for Boeing? Sounds like Boeing could string a dozen or so of these along the lower bay and have them power all sorts of things... Maybe they could even be under a membrane on the skin of the fuselage so if they cause problems, just do a fly-by-wire yank and jettison the cap. Or, if it is not self-fueling, self-consuming, just kill the wire feeds.

Re: capacitor-based overwrite

That would complicate the process, but there would be other ways to ensure abrupt powerdown and reset. Open case and short pins, perhaps. Or magnetic pulse - I've done that to a mobile before while using it to film a can-crusher I built.

Re: capacitor-based overwrite

Well the idea is not bad; if the capacitors would sit in RAM, it would be easy to manufacture RAM that on power-cut would zero its own memory contents. No need to power up the whole phone for that task.

And if you don't want to build that feature into the RAM chips, then make a small battery that can do it. However the zeroing of the RAM chips should not be an OS feature.

If you want to be completely secure you build this as a hardware feature onto the ram chips.

Re: Small capacitors exist

"Of course, anyone who has your phone in their possession can freeze it and disassemble it to remove the RAM chips and read them. Not exactly a "do at home" task, so while this wouldn't allow a jealous husband to read his wife's texts, it would allow a corporate spy to snag the competition's secrets."

I don't know - disassembling a phone could well be an at-home task for many folks. I've never tried taking apart a modern smartphone, but I've done plenty of workbench PCB mods on consumer devices in my day. Phones are smaller, with smaller feature sizes and surface-mount components and other complications, but I don't see why you couldn't have the necessary equipment at home. Nothing excessively expensive, bulky, power-consuming, sensitive, etc is required, as far as I can tell.

That said, though, changing the phone design so that the attack is difficult to mount without disassembly does increase the work factor significantly, and it removes the currently-plausible scenario of an undetected attack - where the attacker steals the phone, gains access, copies data and/or installs malware, and returns the phone with the victim none the wiser.

And this same attack vector

Re: Are you for real?

Which goes to show how laughable FIPS is.

There's very little protection on BB from malicious apps. For instance apps can even inject keypresses. So, one bad app and "all your data are ours". The only reason that BB is used safely, is that they tend to be locked down by the company IT department.

Re: Are you for real? @Mookster

"There's very little protection on BB from malicious apps. For instance apps can even inject keypresses."

All those actions require the permissions to do so being granted by the user. You can actually block apps from doing such things by setting an explicit Deny on those ops; having a granular security model allows BB to do that.

iOS, as far as I remember, *doesn't* have that granular security, thus the iMob (?) apps were able to grab personal info and send it to the devs. Android might have those safeguards, being based on lookalike-Java; BB has that security model because of Java. I do wonder if they kept it for BB10, though...

Re: Cold Boot Attack ?

So somebody repeated the cold boot attack from 5 years ago on a mobile phone?

Yes. What's interesting here is:

- Demonstrating it on a mobile phone

- The fact that mobile phones are, er, mobile, which makes it easier to grab a phone and carry the attack out at your leisure (and makes it easier to fit in your freezer, for that matter)

- The FROST software, which goes a long way to automating the attack; this is nearly at script-kiddie level of simplicity

This is how security research works. When Matsui invented linear cryptanalysis and demonstrated it against DES, everyone didn't just say "oh, that's nice", and then forget about it. They tried attacking other block ciphers with LC. When Aleph One wrote "Smashing the stack for fun and profit", people went out and conducted a whole bunch of stack-smashing attacks to see what was vulnerable and refine the technique. Just because an idea's been published once doesn't mean there's no benefit in extending it to another target.

will be easy to neuter but not for existing phones

If future bootloader versions randomise RAM on startup this exploit vanishes. Won't help current devices though.

I've always said, if they get physical possession of the device assume your data can be read. This is just one way to do it without dismantling the phone. Does appear that drive encryption is still effective with the default locked bootloader. Unlock it and you should know the device is compromised, you unlock to hack them after all.